Lucene search
K

720 matches found

Vulnrichment
Vulnrichment
added 2026/02/02 1:15 p.m.5 views

CVE-2026-24070 Local Privilege Escalation via DYLIB Injection in Native Instruments Native Access

During the installation of the Native Access application, a privileged helper com.native-instruments.NativeAccess.Helper2, which is used by Native Access to trigger functions via XPC communication like copy-file, remove or set-permissions, is deployed as well. The communication with the XPC servi...

5.8AI score0.00213EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/13 10:52 p.m.5 views

CVE-2026-22772

A flaw was found in Fulcio, a certificate authority for issuing code signing certificates. A remote attacker could exploit this by bypassing MetaIssuer URL validation due to unanchored regular expressions regex in the metaRegex function. This vulnerability could lead to Server-Side Request Forger...

5.8CVSS5.3AI score0.0022EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-22772

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses...

5.8CVSS7AI score0.0022EPSS
Exploits1References4
NVD
NVD
added 2026/01/12 9:15 p.m.8 views

CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/01/12 9:15 p.m.2 views

DEBIAN-CVE-2026-22772

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.3CVSS7AI score0.0022EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/01/12 8:58 p.m.7 views

CVE-2026-22772 Fulcio vulnerable to Server-Side Request Forgery (SSRF) via MetaIssuer Regex Bypass

Fulcio is a certificate authority for issuing code signing certificates for an OpenID Connect OIDC identity. Prior to 1.8.5, Fulcio's metaRegex function uses unanchored regex, allowing attackers to bypass MetaIssuer URL validation and trigger SSRF to arbitrary internal services. Since the SSRF on...

5.8CVSS6.8AI score0.0022EPSS
Exploits1References2
OSV
OSV
added 2026/01/10 7:16 a.m.6 views

UBUNTU-CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS5.9AI score0.00077EPSS
Exploits1References5
Debian CVE
Debian CVE
added 2026/01/10 6:11 a.m.6 views

CVE-2026-22703

Cosign provides code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, Cosign bundle can be crafted to successfully verify an artifact even if the embedded Rekor entry does not reference the artifact's digest, signature or public key. When verifying a Rekor...

5.5CVSS5.2AI score0.00077EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 11:28 a.m.7 views

CVE-2021-33592

NAVER Toolbar before 4.0.30.323 allows remote attackers to execute arbitrary code via a crafted upgrade.xml file. Special characters in filename parameter can be the cause of bypassing code signing check function...

9.8CVSS7.9AI score0.02118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:24 a.m.4 views

CVE-2023-40012

uthenticode is a small cross-platform library for partially verifying Authenticode digital signatures. Versions of uthenticode prior to the 2.x series did not check Extended Key Usages in certificates, in violation of the Authenticode X.509 certificate profile. As a result, a malicious user could...

7.5CVSS7AI score0.002EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/01 12:0 a.m.6 views

PT-2026-2253

Name of the Vulnerable Software and Affected Versions Cosign versions prior to 2.6.2 and 3.0.4 Description Cosign is a tool providing code signing and transparency for containers and binaries. Prior to versions 2.6.2 and 3.0.4, a crafted Cosign bundle could successfully verify an artifact even if...

7.5CVSS6.8AI score0.0053EPSS
Exploits4References40
Packet Storm
Packet Storm
added 2025/12/24 12:0 a.m.272 views

📄 macOS 10.12.2 XNU Kernel Privilege Escalation

This proof of concept targets a race‑condition vulnerability in the XNU kernel affecting macOS/iOS. By forcing a use‑after‑free condition on kernel ports, the exploit manipulates freed memory through a controlled spray, allowing a user‑controlled replacement object. Successful exploitation yields...

9.3CVSS8.5AI score0.0676EPSS
Exploits5
RedhatCVE
RedhatCVE
added 2025/12/13 10:0 p.m.4 views

CVE-2025-43522

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 10:0 p.m.4 views

CVE-2025-43521

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...

5.5CVSS5.8AI score0.00125EPSS
Exploits0References1
NVD
NVD
added 2025/12/12 9:15 p.m.6 views

CVE-2025-43522

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data...

3.3CVSS0.00111EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 9:15 p.m.5 views

CVE-2025-43522

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access user-sensitive data...

3.3CVSS5.8AI score
Exploits0References2
NVD
NVD
added 2025/12/12 9:15 p.m.3 views

CVE-2025-43521

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access sensitive user data...

5.5CVSS0.00125EPSS
Exploits0References2
OSV
OSV
added 2025/12/12 9:15 p.m.4 views

CVE-2025-43521

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3. An app may be able to access sensitive user data...

5.5CVSS5.7AI score
Exploits0References2
CVE
CVE
added 2025/12/12 8:57 p.m.13 views

CVE-2025-43522

CVE-2025-43522 is a downgrade issue affecting Intel-based Mac computers. The vulnerability arises in macOS with a downgrade path that was addressed by adding code‑signing restrictions, and is fixed in macOS Tahoe 26.2 and macOS Sequoia 15.7.3. An app may be able to access user‑sensitive data due ...

3.3CVSS5.8AI score0.00111EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2025/12/12 8:57 p.m.20 views

CVE-2025-43522

A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sequoia 15.7.3, macOS Tahoe 26.2. An app may be able to access user-sensitive data...

0.00111EPSS
Exploits0References2
Rows per page
Query Builder